Research & Analysis

Threat intelligence reports, detection engineering guides, and cybersecurity research from the Magonia team.

Detection

EDR Telemetry Project: From Misleading to Actively Deceptive?

The EDR Telemetry Project's website tells visitors to "validate detection logic" and endorses its use for guiding procurement decisions. The disclaimers saying it shouldn't be used for that exist only on GitHub. Public feedback suggesting that the project clarify it can't be used for detection was ignored.

5 min read signalblur
Detection

A.I. Cybersecurity Tool Marketing: Insanity vs Reality

A.I. insanity has reached new heights, as vendors scream about AI super threats while the reality is boring.

10 min read signalblur
Detection

"That Can be Evaded" and the Imperfect Detector

Every detection can be evaded. So what's worse: missing an attack or drowning in noise? The Base-Rate Fallacy shows that false positives are the true limiting factor. The goal isn't to be perfect; it's to be a difficult target. Each layer that forces an adversary to adapt is a win.

5 min read signalblur
Detection

Fuzzy Hashing Research: A Paper Highlight with Practitioner's Notes

A new paper questions fuzzy hashing, but real-world data tells a different story. I share practical lessons for reducing false positives and argue that the future of TLSH isn't in alerting, it's in enriching events to create high-fidelity detections.

10 min read signalblur
Detection

Maximizing the Value of Indicators of Compromise and Reimagining Their Role in Modern Detection

Have we become so focused on TTPs that we've dismissed the value at the bottom of the pyramid? This post explores what role, if any, IOCs have in a modern detection program, and what the future may look like for them.

15 min read signalblur
Research

What Does "Visibility" Actually Mean When it comes to Cybersecurity?

In cybersecurity, nobody agrees on what "visibility" means. This post cuts through vendor hype with a practical framework, using a Splunk article's model of telemetry, monitoring, and observability to give your entire team a shared language to build better defenses.

6 min read signalblur

EDR Telemetry Project Criticism Author Response

The author of the EDR Telemetry Project responded, accusing me of spreading misinformation by saying his project was for detection, that it's always only ever been about telemetry. The problem is, his own words contradict him.

3 min read signalblur
Detection

Why the EDR Telemetry Project is Misleading

The EDR Telemetry Project is misleading. Its scoring only defines whether telemetry is collected, not whether it's actually usable. This post breaks down why the project is flawed in its current state and how some minor tweaks could make it truly valuable.

7 min read signalblur
Beginner

Software Development Nuggets for Security Analysts Part 2: The Browser

The response to the first article was really positive, and it highlighted something I've seen a lot: many of us in security come from backgrounds in IT, networking,

9 min read signalblur
General

How I Leveled Up from Help Desk to Cloud Security Researcher

Breaking into cybersecurity feels impossible right now. This isn't a magic formula, but my personal story of navigating the field. Learn from my experiences with degrees, certs, and networking to find your own way in a tough job market.

5 min read signalblur
SecOps

What Framing Security Alerts as a Binary True or False Positive is Costing You

Ask anyone who’s worked in a SOC long enough and they’ll tell you: debates over “true positive” versus “false positive” happen a lot. Usually, the conversation goes in circles—one person insists an alert was a false positive, another argues it was technically a true positive,

3 min read signalblur
Detection

Announcing CelesTLSH CLI: A Lightweight Tool for TLSH Hash Analysis

I'm excited to announce the release of CelesTLSH CLI, a lightweight CLI interface tool for calculating, comparing, and analyzing TLSH hashes. This tool is designed to help security professionals quickly identify potentially malicious files by comparing them against a database of known attack tools.

2 min read signalblur